Securing your Virtualized Datacenter. Charu Chaubal Senior Architect, Technical Marketing 6 November, 2008


Agenda
- VMware Virtualization Technology
- How Virtualization Affects Datacenter Security
- Keys to a Secure Deployment
- The Future of Datacenter Security

VMWARE VIRTUALIZATION TECHNOLOGY

Hosted Virtualization vs. Bare Metal Virtualization
Hosted Virtualization:
- Guest VM can be trusted
- Products: VMware Workstation, VMware Server, VMware Player
- Host OS changes security profile
Bare-Metal Virtualization:
- Guest VM not necessarily trusted
- Product: VMware ESX Server

Isolation by design

ESX Hypervisor: Robust, Reliable Foundation
VMware Architecture:
- Thin custom kernel
- Direct driver model
- VM-optimized drivers
- Higher I/O throughput
MSFT / Xen Architecture:
- Large general-purpose OS
- Indirect driver model
- Generic drivers
- I/O degradation under load

Improving Security of the Platform: VMware ESXi
- Compact 32MB footprint
- Fewer patches
- Smaller attack surface
- Absence of general-purpose management OS
- No arbitrary code running on server
- Not susceptible to common threats
- Only OS-independent design focused on virtualization

Improving Security of the Platform: Harden Platform Services (2009)
Integrity on Disk:
- TPM (Trusted Platform Module) support
- Code & driver signing
Integrity in Memory:
- Memory Protection

VMware: Proven and Trusted
- Thousands of customers in production
- Passed security audit and put into production use by largest banks in the US
- Passed Defense and Security Agencies scrutiny and audit

Independently validated
- Common Criteria Certification, EAL (Evaluation Assurance Level)
- CC EAL 4+ certification: http://www.cse-cst.gc.ca/services/ccs/vmware-e.html
- Highest recognized level
- VMware Technology chosen as basis for NSA Virtualized Workstation

HOW VIRTUALIZATION AFFECTS DATACENTER SECURITY

How Virtualization Affects Datacenter Security

Biggest Security Risk: Misconfiguration
"Like their physical counterparts, most security vulnerabilities will be introduced through misconfiguration and mismanagement" (Neil MacDonald, "How To Securely Implement Virtualization")

What not to worry about

KEYS TO A SECURE VIRTUALIZED DEPLOYMENT

Securing Virtual Machines
Provide the same protection as for physical servers:
- Host
  - Anti-Virus
  - Patch Management
- Network
  - Intrusion Detection/Prevention (IDS/IPS)
  - Edge Firewalls

Secure Design for Virtualization Layer
Fundamental design principles:
- Isolate all management networks
- Disable all unneeded services
- Tightly regulate all administrative access

Enforce Strong Access Controls
Security Principle:
- Least Privileges
- Separation of Duties
Implementation in VI:
- Roles with only required privileges
- Roles applied only to required objects
Diagram labels: users Joe, Harry, Anne; roles Administrator, Operator, User

Maintain Strict Administrative Controls
Requirement: Configuration management, monitoring, auditing
- Example products: Tripwire Enterprise for VMware ESX, NetIQ Secure Configuration Manager, Configuresoft ECM for Virtualization
Requirement: Track and manage VM lifecycle
- Example products: VMware Lifecycle Manager, VMware Stage Manager
Requirement: Updating of offline VMs
- Example products: VMware Update Manager, Shavlik NetChk Protect
Requirement: Virtual network security
- Example products: Checkpoint, Reflex, Third Brigade
Diverse and growing ecosystem of products to help provide secure VMware Infrastructure

Security Advantages of Virtualization
Ease of maintenance:
- Test patches on multiple configurations in a contained environment before rolling them out
- Use snapshots to save the known good state of a virtual machine before trying out something risky
- A production VM can be cloned and then modified off-line while the original one still runs
- Updated VMs can be brought up in parallel with the previous version
- Both can be kept running as long as necessary to validate the new configuration

Security Advantages of Virtualization
Protect against misconfiguration or attack:
- Ease of recovery
  - Restore the VM from the last known good backup
  - Patch in isolation before putting online
- Ability to do forensics
  - Bring up the hacked VM in isolation

Security Advantages of Virtualization: Better Lifecycle Controls
Lifecycle diagram labels: Request for VM Provisioning; Create; Request; Document; Approve; Route for Audit/Approval; Publish or Retract; Deploy from Template; Power-On or Suspend; Monitor & Adjust Resources; Audit Usage; Retain; Archive; Dispose; Delete

THE FUTURE OF DATACENTER SECURITY

VMsafe Enables Application Protection
VMsafe API and Partner Program:
- Protect the VM by inspection of virtual components (CPU, Memory, Network and Storage)
- Run outside the VM
- Complete integration and awareness of VMotion, Storage VMotion, HA, etc.
Fundamentally changes protection available for VMs running on VMware Infrastructure vs. physical machines:
- Provides an unprecedented level of security
- Virtual is more secure than Real
http://vmware.com/go/vmsafe

VMsafe: Broad Security Industry Support
- Enterprise to SMB
- End-points to Gateways
- Anti-Virus to IPS
- Networks to Host
- Audit to Patching
- And anywhere in between

Virtual Datacenter OS: Security vservice

Before VDC-OS
Diagram labels: IIS #1, IIS #2, Firewall, Load Balancer, Firewall, Tomcat App Server, Oracle
- App-specific security policies are hard or impossible to set without interior visibility
- Static HW appliances cannot be dynamically re-configured based on topology changes
- Fixed-capacity appliances force over-provisioning

After VDC-OS
- Application topology and protocol awareness allows for dynamic security based on logical boundaries
- Dynamic capacity and rerouting based on load balancing and power management
- Security policies auto-adapt to network reconfiguration or upgrades to 3rd-party virtual networking, e.g. Nexus 1000V

Where to Learn More
Security (http://vmware.com/go/security):
- Hardening Best Practices
- Implementation Guidelines
Compliance (http://vmware.com/go/compliance):
- Partner Solutions
- Advice and Recommendations

Thank You
Charu Chaubal, charu@vmware.com
http://www.vmware.com/go/security